cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2025-10567

CVE, Research URL

CVE-2025-10567

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
Nov 05, 2025
Research Description
The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
Affected versions
max 3.12.0.1.
Status
vulnerable
Previous vulnerability researches
SNORDIAN's H5PxAPIkatchu (CVE-2025-30821) , Apr 02, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025
Interactive Content – H5P , Jun 06, 2024
Interactive Content – H5P (CVE-2024-3111) , Jun 28, 2024
New vulnerability
Event post (CVE-2025-62042) , Nov 10, 2025
Rock Convert (CVE-2025-62911) , Nov 10, 2025
Wp tabber widget (CVE-2025-10730) , Nov 10, 2025
Flex QR Code Generator (CVE-2025-10041) , Nov 10, 2025
DominoKit (CVE-2025-12350) , Nov 10, 2025